The federal government's role in protecting U.S. citizens and critical infrastructure from cyber attacks has been the subject of recent congressional interest. Critical infrastructure commonly refers to those entities that are so vital that their incapacitation or destruction would have a debilitating impact on national security, economic security, or the public health and safety. This report discusses selected legal issues that frequently arise in the context of recent legislation to address vulnerabilities of critical infrastructure to cyber threats, efforts to protect government networks from cyber threats, and proposals to facilitate and encourage sharing of cyber threat information among private sector and government entities. This report also discusses the degree to which federal law may preempt state law.

The financial crisis implicated the over-the-counter (OTC) derivatives market as a major source of systemic risk. A number of firms used derivatives to construct highly leveraged speculative positions, which generated enormous losses that threatened to bankrupt not only the firms themselves but also their creditors and trading partners. Hundreds of billions of dollars in government credit were needed to prevent such losses from cascading throughout the system. AIG was the best-known example, but by no means the only one. Equally troublesome was the fact that the OTC market depended on the financial stability of a dozen or so major dealers. Failure of a dealer would have resulted in the nullification of trillions of dollars' worth of contracts and would have exposed derivatives counterparties to sudden risk and loss, exacerbating the cycle of deleveraging and withholding of credit that characterized the crisis. During the crisis, all the major dealers came under stress, and even though derivatives dealing was not generally the direct source of financial weakness, a collapse of the $600 trillion OTC derivatives market was imminent absent federal intervention. The first group of Troubled Asset Relief Program (TARP) recipients included nearly all the large derivatives dealers. The Dodd-Frank Act (P.L. 111-203) sought to remake the OTC market in the image of the regulated futures exchanges. Crucial reforms include a requirement that swap contracts be cleared through a central counterparty regulated by one or more federal agencies. Clearinghouses require traders to put down cash (called initial margin) at the time they open a contract to cover potential losses, and require subsequent deposits (called maintenance margin) to cover actual losses to the position. The intended effect of margin requirements is to eliminate the possibility that any firm can build up an uncapitalized exposure so large that default would have systemic consequences (again, the AIG situation). The size of a cleared position is limited by the firm's ability to post capital to cover its losses. That capital protects its trading partners and the system as a whole. Swap dealers and major swap participants-firms with substantial derivatives positions-will be subject to margin and capital requirements above and beyond what the clearinghouses mandate. Swaps that are cleared will also be subject to trading on an exchange, or an exchange-like "swap execution facility," regulated by either the Commodity Futures Trading Commission (CFTC) or the Securities and Exchange Commission (SEC), in the case of security-based swaps. All trades will be reported to data repositories, so that regulators will have complete information about all derivatives positions. Data on swap prices and trading volumes will be made public. The Dodd-Frank Act provides exceptions to the clearing and trading requirements for commercial end-users, or firms that use derivatives to hedge the risks of their nonfinancial business operations. Regulators may also provide exemptions for smaller financial institutions. Even trades that are exempt from the clearing and exchange-trading requirements, however, will have to be reported to data repositories or directly to regulators.

The federal government's role in protecting U.S. citizens and critical infrastructure from cyberattacks has been the subject of recent congressional interest. Critical infrastructure commonly refers to those entities that are so vital that their incapacitation or destruction would have a debilitating impact on national security, economic security, or the public health and safety. This report discusses selected legal issues that frequently arise in the context of recent legislation to address vulnerabilities of critical infrastructure to cyber threats, efforts to protect government networks from cyber threats, and proposals to facilitate and encourage sharing of cyber threat information among private sector and government entities. This report also discusses the degree to which federal law may preempt state law. It has been argued that, in order to ensure the continuity of critical infrastructure and the larger economy, a regulatory framework for selected critical infrastructure should be created to require a minimum level of security from cyber threats. On the other hand, others have argued that such regulatory schemes would not improve cybersecurity while increasing the costs to businesses, expose businesses to additional liability if they fail to meet the imposed cybersecurity standards, and increase the risk that proprietary or confidential business information may be inappropriately disclosed. In order to protect federal information networks, the Department of Homeland Security (DHS), in conjunction with the National Security Agency (NSA), uses a network intrusion system that monitors all federal agency networks for potential attacks. Known as EINSTEIN, this system raises significant privacy implications-a concern acknowledged by DHS, interest groups, academia, and the general public. DHS has developed a set of procedures to address these concerns such as minimization of information collection, training and accountability requirements, and retention rules. Notwithstanding these steps, there are concerns that the program may implicate privacy interests protected under the Fourth Amendment. Although many have argued that there is a need for federal and state governments, and owners and operators of the nation's critical infrastructures, to share information on cyber vulnerabilities and threats, obstacles to information sharing may exist in current laws protecting electronic communications or in antitrust law. Private entities that share information may also be concerned that sharing or receiving such information may lead to increased civil liability, or that shared information may contain proprietary or confidential business information that may be used by competitors or government regulators for unauthorized purposes. Several bills in the 112th Congress would seek to improve the nation's cybersecurity, and may raise some or all of the legal issues mentioned above. For example, H.R. 3523 (Rogers (Mich.)-Ruppersberger) addresses information sharing between the intelligence community and the private sector. H.R. 3674 (Lungren) includes provisions regarding the protection of critical infrastructure, as well as information sharing. H.R. 4257 (Issa-Cummings) would require all federal agencies to continuously monitor their computer networks for malicious activity and would impose additional cybersecurity requirements on all federal agencies. S. 2102 (Feinstein) seeks to facilitate information sharing. S. 2105 (Lieberman) includes the information sharing provisions of S. 2102, as well as provisions relating to the protection of critical infrastructure and federal government networks. S. 2151 (McCain) and H.R. 4263 (Bono-Mack) also addresses information sharing among the private sector and between the private sector and the government. Many of these bills also include provisions specifically addressing the preemption of state laws.

Prior to the 2011 National Football League (NFL) lockout, developments in professional football's labor-management relations had prompted questions regarding how, when, and in what manner a new collective bargaining agreement (CBA) might be drafted. Interest in this matter included, on the part of some observers, questions about how Congress responded to previous work stoppages in professional sports. In attempting to address this particular question, this report examines congressional responses to the 1982 and 1987 work stoppages in the NFL. With the conclusion of the 2011 NFL lockout in July, this work stoppage is also included. Additionally, this report examines the 1994 Major League Baseball strike, which is useful considering the extent of congressional activity surrounding this strike. Compared to the 1994 baseball strike, the 1982 and 1987 football strikes and the 2011 lockout did not garner much attention from Congress in terms of legislative measures and hearings. Three legislative measures were introduced in response to the 1982 strike; one each was introduced in response to the 1987 strike and the 2011 lockout. Members introduced or offered 22 legislative measures and held five hearings that were related to the baseball strike. With one exception (S.Res. 294, 100th Congress), none of these measures was approved by either house. Members who introduced, or otherwise supported, legislative measures offered reasons for promoting congressional intervention. Their arguments touched on, for example, the economic impact of work stoppages, the role of baseball's antitrust exemption in establishing a climate conducive to players' strikes, previous congressional involvement in professional sports, and a responsibility to ensure the continuity of football (or baseball). Disagreeing that congressional intervention was warranted, other Members offered several reasons why Congress ought not to intervene. For example, one Member suggested that repealing baseball's antitrust exemption would alter the balance of power in professional baseball. Other Members believed that more pressing matters deserved Congress's attention. At least one Member suggested that a particular bill, if enacted, would have the effect of favoring the players over the owners.